diff --git a/SPF-how-to.md b/SPF-how-to.md index 14239fe..b9fb43d 100644 --- a/SPF-how-to.md +++ b/SPF-how-to.md @@ -11,6 +11,7 @@ Our current e-mail infrastructure was originally designed for any mail sending h * The sender address shown to the user ("RFC5322.From") is not used when authenticating. SPF uses the invisible "RFC5321.MailFrom" header. Combining SPF with DMARC removes this disadvantage. * E-mail forwarding is not supported, since the e-mail is often forwarded by another e-mail server. * SPF does not work between domains that use the same e-mail server. +* Parked domains should be explicitly configured to not use e-mail. For SPF this is done with an empty policy and a hard fail: "v=spf1 –all". # Outbound e-mail traffic (DNS records) SPF for outbound e-mail traffic is limited to publishing an SPF policy as a TXT-record in a domain name's DNS zone. This enables other parties to use SPF for validating the authenticity of e-mail servers sending e-mail on behalf of your domain name.